package com.wxh.new_erp.sys.realm;


import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.wxh.new_erp.sys.common.ActiverUser;
import com.wxh.new_erp.sys.common.Constast;
import com.wxh.new_erp.sys.domian.Permission;
import com.wxh.new_erp.sys.domian.User;
import com.wxh.new_erp.sys.service.PermissionService;
import com.wxh.new_erp.sys.service.RoleService;
import com.wxh.new_erp.sys.service.UserService;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * shiro登陆
 */

public class UserRealm extends AuthorizingRealm {

    @Autowired
    @Lazy
    private UserService userService;
    @Autowired
    @Lazy
    private RoleService roleService;
    @Autowired
    @Lazy
    private PermissionService permissionService;

    @Override
    public String getName() {
        return this.getClass().getSimpleName();
    }

    /**
     *
     * 认证
     * @param token
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        QueryWrapper<User> queryWrapper=new QueryWrapper<>() ;
        queryWrapper.eq("loginname",token.getPrincipal().toString());

        User user=userService.getOne(queryWrapper);

        if (user!=null){
            ActiverUser activerUser=new ActiverUser();
            activerUser.setUser(user);
            //设置只能查询菜单 并且可用
            QueryWrapper<Permission> pwq=new QueryWrapper<>();
            pwq.eq("type", Constast.TYPE_PERMISSION);
            pwq.eq("available",Constast.AVAILABLE_TRUE);

            //根据用户id角色权限查询
            Integer userId=user.getId();
            //根据用户id查询角色
            List<Integer> currentUserRoleIds=roleService.queryUserRoleIdsByUid(userId);
            //根据角色ID获得权限和菜单UD
            Set<Integer> pids=new HashSet<>();

            for(Integer ids :currentUserRoleIds){
                List<Integer> permissionIds=roleService.queryRolePermissionIdsByRid(ids);
                pids.addAll(permissionIds);
            }

            List<Permission> list=new ArrayList<>();

            //根据角色id查询权限
            if (pids.size()>0){
                pwq.in("id",pids);
                list=permissionService.list(pwq);
            }
            List<String> percodes=new ArrayList<>();

            for (Permission permission : list) {
                percodes.add(permission.getPercode());
            }
            //放到
            activerUser.setPermissions(percodes);

            ByteSource credentialsSalt = ByteSource.Util.bytes(user.getSalt());
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(activerUser, user.getPwd(), credentialsSalt,
                    this.getName());
            return info;
        }



        return null;
    }
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo();
        ActiverUser activerUser= (ActiverUser) principals.getPrimaryPrincipal();

        User user=activerUser.getUser();

        List<String>  permissions=activerUser.getPermissions();
        if (user.getType()==Constast.USER_TYPE_SUPER){
            authorizationInfo.addStringPermission("*:*");
        }else {
            if(null!=permissions&&permissions.size()>0) {
                authorizationInfo.addStringPermissions(permissions);
            }
        }
        return authorizationInfo;

    }











































}
